Solved: Login Problem at IOS-XR(ASR9010)

wuyian2012 · ‎02-05-2015

The IOS device has a command of

login block-for 60 attempts 3 within 10 and login on-failure log every 3
if i want do it in the IOS-XR device

i can't find the command in the Config Guid

what command can support this function for me

Thanks

smilstea · ‎02-06-2015

XR does not support either of these commands, however we do log all failures in syslog and XR has a separate management plane so you should not be getting too many brute force attempts.

However, if you are, or even are not, then I would recommend using MPP (http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/security/configuration/guide/b_syssec_cg51xasr9k/b_syssec_cg51xasr9k_chapter_0110.html) as MPP will send a TCP reset instead of establishing a connection for login if the IP address or incoming interface is not in the specified values.

Thanks,

Sam

View solution in original post

smilstea · ‎02-06-2015

XR does not support either of these commands, however we do log all failures in syslog and XR has a separate management plane so you should not be getting too many brute force attempts.

However, if you are, or even are not, then I would recommend using MPP (http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/security/configuration/guide/b_syssec_cg51xasr9k/b_syssec_cg51xasr9k_chapter_0110.html) as MPP will send a TCP reset instead of establishing a connection for login if the IP address or incoming interface is not in the specified values.

Thanks,

Sam

ปลาวาฬทราย RMUTT CPE IX · ‎09-28-2016

If among right range IP have some abnormal IP behavior, how should I do?

Thank you very much.